fix(auth): refresh credentials on some API errors #2712

JadenSimon · web-flow · commit d153e1ed3dea · 2022-06-22T10:14:38.000-07:00
Problem: JS SDK v2 has built-in logic to 'refresh' credentials on certain API errors, but the way it works is that it directly mutates the credentials provider. Solution: Align with the implementation. This should _finally_ resolve this fairly long-standing bug. Related: * #2664 * #2465 * #1226
diff --git a/.changes/next-release/Bug Fix-fd07b2a1-5c62-4402-9229-64149dfc5f12.json b/.changes/next-release/Bug Fix-fd07b2a1-5c62-4402-9229-64149dfc5f12.json
@@ -0,0 +1,4 @@
+{
+	"type": "Bug Fix",
+	"description": "Credentials are now automatically refreshed on certain AWS API errors"
+}
diff --git a/src/shared/awsClientBuilder.ts b/src/shared/awsClientBuilder.ts
@@ -104,13 +104,15 @@ export class DefaultAWSClientBuilder implements AWSClientBuilder {
                     shim.refresh()
                         .then(creds => {
                             this.loadCreds(creds)
+                            // The SDK V2 sets `expired` on certain errors so we should only
+                            // unset the flag after acquiring new credentials via `refresh`
+                            this.expired = false
                             callback()
                         })
                         .catch(callback)
                 }
 
                 private loadCreds(creds: CredentialsOptions & { expiration?: Date }) {
-                    this.expired = false
                     this.accessKeyId = creds.accessKeyId
                     this.secretAccessKey = creds.secretAccessKey
                     this.sessionToken = creds.sessionToken ?? this.sessionToken

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +	"type": "Bug Fix",
 +	"description": "Credentials are now automatically refreshed on certain AWS API errors"
 +}